SecureDom: secure mobile-sensitive information protection with domain separation

The Journal of Supercomputing

Abstract

Virtualization techniques have recently been receiving more attention in mobile device security. In this study, we present SecureDom, a data-centric device security approach that aims to protect private, enterprise, or sensitive data from various attacks and threats. To achieve this, we provide a mobile device security platform based on domain separation and suggest three essential secure functions that should be offered for a secure domain (SD): an authentication/access control (AAC) module, a secure storage (STR) module, and an encryption/key management (EKM) module. Among these secure functions, the AAC module applies two-factor authentication by user and app to access the SD, the STR module introduces the enhanced abilities of a secure filesystem, and the EKM module is in charge of the security algorithms for data encryption, integrity validation, or key generation. The EKM module can utilize an existing encryption module that is certified by a cryptographic validation program. The experiment demonstrates that some notable overheads are incurred in the performance of the virtualization engine and in hypervisor-based inter-domain communication (IDC), while the platform provides strong isolation of domain, IDC, filesystem, and resources, and separation of processes.

Acknowledgments

This work was supported by the ICT R&D program of MSIP/IITP. [R0101-15-0195(10043959), Development of EAL 4 level military fusion security solution for protecting against unauthorized accesses and ensuring a trusted execution environment in mobile devices].

Author information

Corresponding author

Correspondence to Deok Gyu Lee.

About this article

Cite this article

Park, SW., Kim, J. & Lee, D.G. SecureDom: secure mobile-sensitive information protection with domain separation. J Supercomput 72, 2682–2702 (2016). https://doi.org/10.1007/s11227-015-1578-6

  • DOI: https://doi.org/10.1007/s11227-015-1578-6
